Where is the Origin?: QAKBOT Uses Valid Code Signing
Code signing certificates help us assure the file's validity and legitimacy. However, threat actors can use that against us. In...
News
Thomson Reuters collected and leaked at least 3TB of sensitive data
The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online Original post at...
SiriSpy flaw allows eavesdropping on users’ conversations with Siri
SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users’ conversations with Siri. SiriSpy...
Preparing for the long haul: the cyber threat from Russia
Preparing for the long haul: the cyber threat from Russia In January 2022, ahead of Russia’s invasion of Ukraine, we...
Why vulnerabilities are like buses
Why vulnerabilities are like buses There's an old saying that you wait ages for a bus, and then several come...
Using secure messaging, voice and collaboration apps
Using secure messaging, voice and collaboration apps With 'hybrid working' (a combination of working from home and the office) now...
Log4j vulnerability: what should boards be asking?
Log4j vulnerability: what should boards be asking? The Log4Shell critical vulnerability in the widely used logging tool Log4j has caused concern...
Cyber Security in the Built Environment – considering security throughout a buildings lifecycle
Cyber Security in the Built Environment - considering security throughout a buildings lifecycle A building being designed today is, as...
The Technology Assurance principles
The Technology Assurance principles In this blog post I want to introduce a new family of principles, the Technology Assurance...
‘Transaction monitoring’ & ‘Building and operating a secure online service’ guidance published
'Transaction monitoring' & 'Building and operating a secure online service' guidance published If you're responsible for the designing and running...
Zero Trust migration: where do I start?
Zero Trust migration: where do I start? Following our ‘Zero Trust: is it right for me?' blog, this second installment...
The Cyber Assessment Framework 3.1
The Cyber Assessment Framework 3.1 This latest version of the Cyber Assessment Framework (CAF), 3.1, supports the CAF's core users -...
New SOC guidance 101
New SOC guidance 101 Security operations centres (or SOCs) are notoriously difficult to design, build and operate. But they're also...
Relaunching the NCSC’s Cloud security guidance collection
Relaunching the NCSC's Cloud security guidance collection This week we have launched the updated NCSC’s cloud security guidance. It’s more...
Avoiding crisis mismanagement
Avoiding crisis mismanagement Every day, an eclectic range of cyber attacks take place across the UK. No two attacks are...
Mythbusting cloud key management services
Mythbusting cloud key management services The NCSC’s recently-updated cloud security guidance includes a new section on how to configure and...
ACD the 5th Year: report now available to download
ACD the 5th Year: report now available to download The aim of the NCSC's Active Cyber Defence (ACD) programme is...
Securing the cloud (by design *and* by default)
Securing the cloud (by design *and* by default) In any conversation about cloud security, it won’t take long before someone...
Supply chain cyber security: new guidance from the NCSC
Supply chain cyber security: new guidance from the NCSC Many of us rely on suppliers to deliver products, systems, and...
Protect your customers to protect your brand
Protect your customers to protect your brand We're pleased to publish a brace of documents that will help organisations to...
The security benefits of modern collaboration in the cloud
The security benefits of modern collaboration in the cloud When using cloud services, it is important to balance the need...
Introducing our new machine learning security principles
Introducing our new machine learning security principles Artificial intelligence (AI) and machine learning (ML) systems are increasingly used in every...
British hacker arraigned for running The Real Deal dark web marketplace
A popular British hacker was charged by the U.S. authorities for allegedly running the ‘The Real Deal’ dark web marketplace....
OpenSSL to fix the second critical flaw ever
The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced...
